Privacy Policy
Last updated: April 2026
Cybernest Solutions (“we”, “us”, or “our”) operates the Certify+ certificate generation platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.
By using Certify+, you consent to the collection and use of your information as described in this policy.
1. Information We Collect
Account Information
When you register for Certify+, we collect your first name, last name, email address, and password (stored as a salted hash). If you sign up using Google, we also receive your Google user ID and profile picture URL from Google (see Section 4).
We also record the date and version of the Privacy Policy and Terms of Service you accepted at registration, as evidence of consent under Section 3(b) of the Data Privacy Act.
Certificate Data
You provide recipient names, recipient email addresses, certificate content, template designs, signatory details, and other data necessary to generate certificates through our platform. As the issuer, you are the data controller for your recipients’ personal data; Certify+ processes it on your behalf.
Usage Data
We automatically collect information about how you interact with Certify+, including server logs, device information, browser type, pages visited, and feature usage analytics.
IP Address and Audit Logs
We record your IP address (up to 45 characters, supporting both IPv4 and IPv6) together with certificate-level events (generation, revocation, verification) in our audit log. We use this for fraud prevention, abuse investigation, and to provide you with a tamper-evident trail of actions on your certificates. Audit log entries, including IP addresses, are hard-deleted after one (1) year.
Payment Information
Payment transactions are processed by PayMongo. We do not store your credit card numbers or bank account details. PayMongo may collect payment information directly in accordance with their own privacy policy.
2. How We Use Your Information
We use your personal information for the following purposes:
- Provide and improve our services — to operate, maintain, and enhance the Certify+ platform
- Generate and manage certificates — to create, store, and deliver certificates on your behalf
- Send transactional emails — to deliver certificates to recipients, send account notifications, and provide service updates
- Process payments — to manage subscription billing and payment verification through PayMongo
- Ensure security — to detect and prevent fraud, unauthorized access, and other security incidents
- Comply with legal obligations — to meet requirements under applicable Philippine law
3. Data Storage and Security
Your data is hosted on Supabase (cloud-hosted PostgreSQL database) with row-level security policies enforcing tenant isolation. Certificate files and assets are stored on Cloudflare R2 (S3-compatible object storage).
We implement the following security measures:
- Encryption at rest for all stored data
- Encryption in transit using SSL/TLS for all communications
- Role-based access controls with multi-tenant isolation
- Authentication tokens with short expiration periods
- Regular security reviews and dependency updates
4. Data Sharing
We do not sell your personal data. We share information only with the following service providers who are necessary for operating Certify+:
- Supabase — database hosting and authentication services (receives: account data, certificate data, audit logs, IP addresses)
- Cloudflare — file storage (R2) and content delivery (receives: certificate PDFs, template assets, signatory signature images)
- Resend — transactional email delivery (receives: recipient email addresses, certificate attachments)
- PayMongo — payment processing (receives: name, email, and payment details entered on their hosted checkout; Certify+ never sees your card number)
- Vercel — application hosting (receives: request metadata, IP addresses for routing and abuse prevention)
- Google (Sign in with Google) — optional authentication provider. If you choose to sign in with Google, we receive your name, email, Google user ID, and profile picture URL from Google. We do not share any additional data back to Google.
Each service provider processes data only as necessary to perform their function and is bound by their respective privacy and data protection policies.
We may also disclose your information if required by law, regulation, legal process, or governmental request.
5. Your Rights Under the Philippine Data Privacy Act
As a data subject under Republic Act No. 10173, you have the following rights:
- Right to be informed — You have the right to know how your personal data is being collected, used, and processed.
- Right to access — You may request a copy of the personal data we hold about you.
- Right to correction — You may request correction of any inaccurate or incomplete personal data.
- Right to erasure or blocking — You may request the deletion or blocking of your personal data under certain conditions.
- Right to data portability — You may request your personal data in a structured, commonly used, and machine-readable format.
- Right to object — You may object to the processing of your personal data, including processing for direct marketing.
- Right to file a complaint — You may file a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated.
To exercise any of these rights, please contact our Data Protection Officer at dpo@cybernestsolution.com.
6. Cookies
Certify+ uses minimal cookies strictly necessary for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
Authentication cookies are set when you sign in and are required for the platform to function. These cookies expire when your session ends or after a set period of inactivity.
7. Data Retention
We retain your account data and certificate data for as long as your account is active. If you choose to delete your account, we will delete your personal data within a reasonable timeframe, except where retention is required by law.
You may request deletion of your account and associated data at any time by contacting our Data Protection Officer at dpo@cybernestsolution.com. The following retention periods apply to specific data categories:
- Audit logs (including IP addresses) — 1 year
- Payment records — 10 years, as required by Section 235 of the Philippine National Internal Revenue Code
- Certificates and recipient data — for the lifetime of the certificate or until you delete it
- Account data — until you request deletion; residual backups may persist for up to 30 days after deletion
8. Children’s Privacy
Certify+ is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you via email at the address associated with your account and update the “Last updated” date at the top of this page.
Your continued use of Certify+ after receiving notice of changes constitutes your acceptance of the updated policy.
10. Contact Us
Cybernest Solutions has designated a Data Protection Officer (DPO) in accordance with Section 21 of the Implementing Rules and Regulations of the Data Privacy Act. For any questions about this Privacy Policy, to exercise your data privacy rights, or to report a suspected personal data breach, please contact:
Data Protection Officer
Cybernest Solutions
NALLRC TBIDO, Polytechnic University of the Philippines
Sta. Mesa, Manila, Philippines
DPO email: dpo@cybernestsolution.com
General inquiries: hello@cybernestsolution.com
